Network/VPN/Windows: Difference between revisions

From UMIACS
Jump to navigation Jump to search
No edit summary
No edit summary
 
(46 intermediate revisions by 7 users not shown)
Line 1: Line 1:
'''Please note that this tutorial assumes you already have a network connection established.'''
The UMIACS VPN is accessible through the Ivanti Connect Secure Client.  Alternatively, you can establish a connection through a [https://vpn.umiacs.umd.edu/ web browser], but this may fail if you have an outdated version of Ivanti Secure already installed.
'''If you have a UMIACS account, you already have access.'''


The UMIACS VPN is accessible through the Pulse Secure Client.  Alternatively, you can establish a connection through a web browser.
'''NOTE: If your computer has an ARM-based processor, you will need a different installer than the standard Windows one. Please refer to the [[#Connecting through the Pulse Secure client (for computers WITH ARM processors)|instructions below]].'''
 
'''As of May 10th 2019, MFA Authentication is mandatory.'''


==Prerequisites==
==Prerequisites==
* Device enrolled with [[Duo | UMIACS Duo]]
* A [[Accounts#UMIACS_Account | full UMIACS account]]
* Device enrolled with [[Duo | UMIACS Duo]] for multi-factor authentication
* An established network connection (wired or wireless)


== Connecting through the Pulse Secure client ==
==Connecting through the Ivanti Secure client==
#'''Download the client:'''
# '''Download the client:'''
#:[[Media:PulseSecure.x64-Win64.msi|Windows 64 bit Pulse Secure Client]]<br style="clear:both"/>
#: [[Media:PulseSecure22.7.3.x64.msi|Windows 64 bit Pulse Secure Client]]
#:[[Media:PulseSecure.x86-Win32.msi|Windows 32 bit Pulse Secure Client]]<br style="clear:both"/>
#: ''Upon starting the client for the first time it may ask to upgrade the client.  This will pull an up to date version of the client with the most recent configuration.''  
#:''Upon starting the client for the first time it may ask to upgrade the client.  This will pull an up to date version of the client with the most recent configuration.''
# '''Start the client if it is not already running - it usually starts by default on bootup.'''
#'''Start the client if it is not already running - it usually starts by default on bootup.'''
#: [[Image:Network VPN Windows Snip1.png|thumb|center|280px|[Windows] Start the client from the Start Menu.]]
#:[[Image:Pulse Secure Desktop App.jpg|thumb|center|280px|[Windows] Start the client from the Start Menu.]]
# '''If the client is already running, double click its icon from the status bar.'''
#'''If the client is already running, double click its icon from the status bar.'''
#: [[Image:Network VPN Windows Snip2.png|thumb|center|280px|[Windows] Double click its status icon to open.]]
#:[[Image:Pulse Icon.jpg|thumb|center|280px|[Windows] Double click its status icon to open.]]
# '''and click 'Add' (+) under the connection section.'''
#'''and click 'Add' (+) under the connection section.'''
#: [[Image:Network VPN Windows Snip3.png|thumb|center|280px|[Windows] Click the 'Add' (+) button to create a new connection.]]
#:[[Image:Pulse Secure1.jpg|thumb|center|280px|[Windows] Click the 'Add' (+) button to create a new connection.]]
# '''Enter a name for your VPN connection and the server URL 'vpn.umiacs.umd.edu''''  
#'''Enter a name for your VPN connection and the server URL 'vpn.umiacs.umd.edu''''  
#: [[Image:Network VPN Windows Snip4.png|thumb|center|280px|[Windows] Enter the name of the VPN server.]]
#:[[Image:Pulse Connection.jpg|thumb|center|280px|[Windows] Enter the name of the VPN server.]]
# '''Enter your UMIACS credentials and hit connect.'''  
#'''Enter your UMIACS credentials and hit connect.'''  
#: [[Image:Network VPN Windows Snip5.png|thumb|center|280px|[Windows] Enter UMIACS credentials.]]
#:[[Image:Pulse UserPass.jpg|thumb|center|280px|[Windows] Enter UMIACS credentials.]]
# '''Enter Secondary Password for [[Network/VPN/MFA | MFA]]. For example, if you wish to push a notification to your device, type the word "push" into the secondary password box.'''
#'''Enter Secondary Password for [[Network/VPN/MFA | MFA]]'''


:::[[Image:Vpnmfa6.png|thumb|center|280px|[Windows] Enter Secondary Password.]]
:::[[Image:Network VPN Windows Snip6.png|thumb|center|280px|[Windows] Enter Secondary Password.]]


::The Pulse VPN multi-factor authentication implementation relies on a secondary authentication source to fulfill the MFA requirement.  As a result, you will be prompted for credentials twice.
::The Pulse VPN multi-factor authentication implementation relies on a secondary authentication source to fulfill the MFA requirement.  As a result, you will be prompted for credentials twice.
Line 44: Line 42:
|}
|}


::Please note that registering a YubiKey for use with the VPN requires interaction with UMIACS Tech Staff. Please [[HelpDesk | contact us]] if you would like to register a YubiKey for this purpose.
:: Please note that registering a YubiKey for use with the VPN requires interaction with UMIACS Tech Staff. Please [[HelpDesk | contact us]] if you would like to register a YubiKey for this purpose.


{{Note|<b>Pro-tip:</b> Select ‘Save Settings’ on the secondary authentication prompt to have Duo automatically use your preferred method.}}


{{Note|<b>Pro-tip:</b> Select ‘Save Settings’ on the secondary authentication prompt to have Duo automatically use your preferred method.}}
You should now be connected to the UMIACS VPN.


'''Please note, 32-bit clients are no longer supported by Ivanti!'''


==Connecting through the Ivanti Secure client (ARM processors)==
ARM processors cannot natively run x64 or x86 programs without special emulation. However, not all x86 programs run smoothly even with emulation. As such, the best course of action for these sorts of machines is using the version of Pulse Secure that is specifically made for ARM processors.


You should now be connected to the UMIACS VPN.
# '''Download the client:'''
#: [[Media:PulseSecure22.7.3.ARM64.msi|Windows 64 bit ARM Pulse Secure Client]]
#: ''Upon starting the client for the first time it may ask to upgrade the client.  This will pull an up to date version of the client with the most recent configuration.''
# '''Follow all post-download steps in the above section.'''


==Checking VPN Status==
==Checking VPN Status==
# In the bottom right hand corner, in your status bar, you should see an S icon. If there's a green arrow, that means you are connected! If there is nothing, that means you are not.  
# In the bottom right hand corner, in your status bar, you should see an S icon. If there's a green arrow, that means you are connected! If there is nothing, that means you are not.  
#:[[Image:Pulseicon2.png|thumb|center|500px|]]
#: [[Image:Network_VPN_Windows_Snip7.png|thumb|center|500px|]]
# You can hover over this icon and it will show you the status of your connection.
# You can hover over this icon and it will show you the status of your connection.
#:[[Image:PulseStatus2.png|thumb|center|500px|]]
#: [[Image:Network_VPN_Windows_Snip8.png|thumb|center|500px|]]
 
 
<br style="clear:both"/>

Latest revision as of 15:26, 12 September 2024

The UMIACS VPN is accessible through the Ivanti Connect Secure Client. Alternatively, you can establish a connection through a web browser, but this may fail if you have an outdated version of Ivanti Secure already installed.

NOTE: If your computer has an ARM-based processor, you will need a different installer than the standard Windows one. Please refer to the instructions below.

Prerequisites

Connecting through the Ivanti Secure client

  1. Download the client:
    Windows 64 bit Pulse Secure Client
    Upon starting the client for the first time it may ask to upgrade the client. This will pull an up to date version of the client with the most recent configuration.
  2. Start the client if it is not already running - it usually starts by default on bootup.
    [Windows] Start the client from the Start Menu.
  3. If the client is already running, double click its icon from the status bar.
    [Windows] Double click its status icon to open.
  4. and click 'Add' (+) under the connection section.
    [Windows] Click the 'Add' (+) button to create a new connection.
  5. Enter a name for your VPN connection and the server URL 'vpn.umiacs.umd.edu'
    [Windows] Enter the name of the VPN server.
  6. Enter your UMIACS credentials and hit connect.
    [Windows] Enter UMIACS credentials.
  7. Enter Secondary Password for MFA. For example, if you wish to push a notification to your device, type the word "push" into the secondary password box.
[Windows] Enter Secondary Password.
The Pulse VPN multi-factor authentication implementation relies on a secondary authentication source to fulfill the MFA requirement. As a result, you will be prompted for credentials twice.
Second Credential Password Value: Result
push Send a push verification to your Duo connected device
phone Send a call verification to your Duo connected device.
<press YubiKey> If you have a physical token then you would press the YubiKey for the one time password.
Please note that registering a YubiKey for use with the VPN requires interaction with UMIACS Tech Staff. Please contact us if you would like to register a YubiKey for this purpose.
Exclamation-point.png Pro-tip: Select ‘Save Settings’ on the secondary authentication prompt to have Duo automatically use your preferred method.

You should now be connected to the UMIACS VPN.

Please note, 32-bit clients are no longer supported by Ivanti!

Connecting through the Ivanti Secure client (ARM processors)

ARM processors cannot natively run x64 or x86 programs without special emulation. However, not all x86 programs run smoothly even with emulation. As such, the best course of action for these sorts of machines is using the version of Pulse Secure that is specifically made for ARM processors.

  1. Download the client:
    Windows 64 bit ARM Pulse Secure Client
    Upon starting the client for the first time it may ask to upgrade the client. This will pull an up to date version of the client with the most recent configuration.
  2. Follow all post-download steps in the above section.

Checking VPN Status

  1. In the bottom right hand corner, in your status bar, you should see an S icon. If there's a green arrow, that means you are connected! If there is nothing, that means you are not.
    Network VPN Windows Snip7.png
  2. You can hover over this icon and it will show you the status of your connection.
    Network VPN Windows Snip8.png